Application Security Testing: An Integral Part of DevOps
I am working on a project that is a Web-based application that uses the render and RenderStream methods of SQL Server reporting services.
When you use the Render() method of SQL Server reporting service, it returns to you the stream of the report. If you have images in your report and you are getting the stream of type HTML, the returned stream will not contain the images in it. It will contain streamIdb's for all the objects such as charts, images, and so forth. Then, after calling the render method, you need to call the RenderStream() method to get all the objects.
As I got started on it, I had some problems getting the rendered images to appear in the report. It turns out that these resources are output without any file extension, so IE wasn't sure how to handle them.
To fix this problem, you have to configure your Web server. The steps to do this follow:
- In Internet Information Services Manager, navigate to the directory where external resources are rendered (the ASP.NET Machine account <machinename>\ASPNET will need to have write permissions to this directory to successfully create resources).
- Open the Properties page for of your Web application and select the HTTP Headers tab.
- Click 'MIME Types.'
- 4.Click 'New Type.'
- In 'Associated Extension.' enter '*' (no quotes).
- In 'Content Type (MIME).' enter 'image/png' (no quotes).